Mastercard announced on Thursday the launch of a biometric card that combines chip technology with fingerprints in order to allow consumers to easily authorize financial transactions and verify their identity when […]

Well explained, “Consumers are increasingly experiencing the convenience and security of biometrics,” said Ajay Bhalla, president, enterprise risk and security, MasterCard, in a supporting statement. “Whether unlocking a smartphone or shopping online, the fingerprint is helping to deliver additional convenience and security. It’s not something that can be taken or replicated and will help our cardholders get on with their lives knowing their payments are protected.”

Thanks for sharing!
On one hand, the fingerprint is helping to deliver additional convenience and security for us. However, on the flip side, one relatively large drawback for the convenience of the biometric card is that users are currently required to go to a bank branch in order to register and enroll their fingerprint. (Which is then converted into an encrypted digital template that is stored on the card.) Whereas bankcard users are normally mailed both their card and its PIN through the post so there’s no need to go to a branch to register before being able to use the card. We all know most people don’t really take actions to prevent the risk from happening until bad things occur to them. I am just curious to know how many people will actually participate to enroll their fingerprint.

Many organizations apply cyber threat intelligence (CTI) solely in limited ways that serve the functionality of its namesake — that is, they appropriate all CTI-related operations solely to cybersecurity and IT […]

Shadow IT and sanctioned cloud apps are gaining ground in the enterprise. At last count, employees at enterprise-class organizations were using 841 different apps on average, according to Blue Coat Elastica C […]

Sixty-one percent of organizations polled in a new survey responded that they’d been hit by a ransomware demand. But, perhaps more troubling was the finding that of those, a third paid the ransom demand. This was […]

A Nuix study of DEFCON pen testers shows that the usual security controls are of little use against a determined intruder. If the methods used by penetration testers to break into a network are any indication, a […]

Dr. Ed Gelbstein, Ph.D. lists and describes in his article “Is There Such a Thing as a Bad Auditor” a number of “Auditor Types” with the intent of helping readers recognize possible weaknesses in themselves.
Which one of these do you consider the worst type from the standpoint of the auditee? Why?
The auditee is the person or group respons…

APT28 is also tracked as Fancy Bear, Pawn Storm, Sofacy, Tsar Team, Strontium and Sednit. The threat actor has been linked to several high-profile attacks aimed at government and other types of organizations […]

APT28 is considered to be one of the most sophisticated and successful cyberespionage groups in the world and it frequently uses zero-day exploits—exploits for previously unknown vulnerabilities. The group has been blamed for many hacking operations around the world over the years, and its selection of targets has frequently reflected Russia’s geopolitical interests. Security researchers believe that the group is likely tied to the Russian Military Intelligence Service (GRU).
X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan. It’s not entirely clear how the malware is being distributed because the Bitdefender researchers only obtained the malware sample, not the full attack chain. However, it’s possible a macOS malware downloader dubbed Komplex, found in September, might be involved.

Cybercrime was big business for fraudsters in 2016 with cybercriminals racking up an estimated £1 billion in damages to companies across the UK. But more than the ever increasing financial and reputational r […]

Last year I watched a segment on television, not sure if it was on the news or a nightly show, about ransomware and its prevalence in the healthcare industry. Various hospitals have been the targets of increased ransomware attacks in the past few years. The attackers are focusing their attacks on the hospitals’ records and data with the ransomware. When the attacks take place, the hospitals contact the FBI and are often told their only course of action if they want their files decrypted is to pay the entity(s) responsible for the attack and hope they honor the agreement. Since the data and records are so critical to the ability of the hospitals to carry out their functions, the hospitals usually agree to pay the ransom to decrypt their information. Thus far the attackers have honored the exchange, but who knows if that will continue in future attacks; although it would be counterintuitive to not do so and hope future targets pay up as well. The segment closed with the concern that in the future attackers may take over life-saving and sustaining hospital equipment hooked up to patients and potentially risk lives in exchange for ransom payments. It will be interesting to see the increase in cyber risk assessment and response due to the changing landscape of attacks and vulnerabilities in the industry.

Some of the latest cyber attacks seek to steal information using man-in-the-browser (MITB) attacks. These represent a dangerous trend because they circumvent even the strongest authentication techniques by […]